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(54) Abstract Title: Key distribution by combination with a signature obtained from a scan of an unmodified token 



(57) A key distribution system can comprise a key 
packaging unit operable to combine a key with a 
signature based upon an intrinsic property of a 
security token, a channel operable to have the 
packaged key transmitted therethrough; and a 
key unpacking unit operable to unpack the key 
using the signature. Thereby the key can be 
transmitted via a non-secure channel to a 
recipient for use thereby, without it being 
possible for a third party to obtain a copy of the 
key by monitoring the channel. The key and 
signature may be combined using an exclusive 
OR (XOR) operation. The intrinsic property of 
the token is used by irradiating the token e.g. 
using a light scanner to obtain a speckle pattern 
representative of the material of the token. This 
pattern may then be digitised to obtain the 
signature. The application envisages that no 
special modification of the token material (e.g. 
invention of microelements) is required to obtain 
the signature. As such the token could be e.g. 
any credit card, business card, or a passport etc. 
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At least one drawing originally filed was informal and the print reproduced here is taken from a later filed formal copy. 
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The present invention relates to keys, and in particular but not exclusively, to 
5 distribution of encryption keys. 

In many applications where secure transmission of data is required, data 
encryption can be used to impede unauthorised access to that data. Conventional 
encryption schemes work on one of two methods: symmetric and asymmetric key 
1 0 methods. 

Symmetric key systems use the same key for encryption and decryption of 
data. Thus the key must be distributed between participants in an exchange of 
encrypted data. If the key is not distributed securely, it is possible for third parties to 
1 5 obtain a copy of the key and to use that copy to access all data encrypted using the 
key. 

Asymmetric key systems work on a one way encryption scheme where a 
public key is used to encrypt data, which can then only be decrypted using a private 

20 key which is kept by the recipient of the data. Thus the public key can be freely 
distributed and anything encrypted using the key can only be decrypted using the 
private key. However in such a system, it can still be desirable that the public key is 
distributed such that a person receiving the public key can be certain that it comes 
from the intended recipient of a secure communication. If this is not the case, there is 

25 a possibility of a third party creating a public key which appears to belong to someone 
else and using that public key and its corresponding private key to access encrypted 
data intended for the apparent originator of the key. 

A data packaging technique has been discussed in Gershenfeld, Science 297 
30 (5589): 20026-2030, September 20 2002). The technique disclosed thereby uses a 
very specific optically transparent three-dimensional token to create wrapping data. 



SUMMARY 



The present invention has been made, at least in part, in consideration of 
problems and drawbacks of conventional systems. 

5 

The present invention has at least in part resulted from the inventor's work on 
applying authentication techniques using tokens made of magnetic materials, where 
the uniqueness is provided by unreproducible defects in the magnetic material that 
affect the token's magnetic response (as detailed in PCT/GB03/03917, Cowburn). As 

10 part of this work, magnetic materials were fabricated in barcode format, i.e. as a 
number of parallel strips. As well as reading the unique magnetic response of the 
strips by sweeping a magnetic field with a magnetic reader, an optical scanner was 
built to read the barcodes by scanning a laser beam over the barcode and using 
contrast from the varying reflectivity of the barcode strips and the article on which 

15 they were formed. This information was complementary to the magnetic 
characteristic, since the barcode was being used to encode a digital signature of the 
unique magnetic response in a type of well known self authentication scheme, for 
example as also described above for banknotes (see for example, Kravolec "Plastic 
tag makes foolproof ID", Technology research news, 2 October 2002). 

20 

To the surprise of the inventor, it was discovered when using this optical 
scanner that the paper background material on which the magnetic chips were 
supported gave a unique optical response to the scanner. On further investigation, it 
was established that many other unprepared surfaces, such as surfaces of various 
25 types of cardboard and plastic, show the same effect. Moreover, it has been 
established by the inventor that the unique characteristic arises at least in part from 
speckle, but also includes non-speckle contributions. 

It has thus been discovered that it is possible to gain all the advantages of 
30 speckle based techniques without having to use a specially prepared token or specially 
prepare an article in any other way. In particular, many types of paper, cardboard and 
plastics have been found to give unique characteristic scattering signals from a 
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coherent light beam, so that unique digital signatures can be obtained from almost any 
paper document or cardboard packaging item. 

The above-described known speckle readers used for security devices appear 
5 to be based on illuminating the whole of a token with a laser beam and imaging a 
significant solid angle portion of the resultant speckle pattern with a CCD (see for 
example GB 2 221 870 and US 6,584,214), thereby obtaining a speckle pattern image 
of the token made up of a large array of data points. 

10 The reader used by the inventor does not operate in this manner. It uses four 

single channel detectors (four simple phototransistors) which are angularly spaced 
apart to collect only four signal components from the scattered laser beam. The laser 
beam is focused to a spot covering only a very small part of the surface. Signal is 
collected from different localised areas on the surface by the four single channel 

1 5 detectors as the spot is scanned over the surface. The characteristic response from the 
article is thus made up of independent measurements from a large number (typically 
hundreds or thousands) of different localised areas on the article surface. Although 
four phototransistors are used, analysis using only data from a single one of the 
phototransistors shows that a unique characteristic response can be derived from this 

20 single channel alone! However, higher security levels are obtained if further ones of 
the four channels are included in the response. 

Viewed from a first aspect, the present invention provides a method for the 
distribution of a key. The method can comprise packaging a key using a signature 

25 based upon an intrinsic property of a security token, transmitting the packaged key to 
a recipient location, and unpacking the key using a signature based upon the intrinsic 
property of the security token. Thus the key can be securely transmitted in such a 
way that a third party intercepting the transmission but not in possession of the 
security token cannot access the key. In some examples, data encrypted using the key 

30 may be transmitted with the packaged key such that the recipient can instantly access 
the encrypted data. In other examples, the key can be transmitted alone for later 
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encryption or decryption use. Such a key may be a key of an asymmetric encryption 
key pair. 



In some embodiments, the packaging can comprise creating error correction 
5 code data for the key and packaging the key and the error correction code data using 
the signature, and the unpacking can comprise unpacking the key and the error 
correction code data and using the error correction code data to undo any errors in the 
key. Thus non-identical biometric type signatures taken from the same security token 
can be used to package and unpack the key without errors occurring in the unpacked 
1 0 key. In some embodiments, the key can include redundant data, or redundant data can 
be added to the key in order to enhance the effectiveness of the error correction 
process. 

In some embodiments the packaging can comprise performing a bitwise 
15 exclusive-OR operation between the key and the signature, and the unpacking can 
comprise performing a bitwise exclusive-OR operation between the packaged key and 
the signature. Thus an easily repeatable, reversible process for packaging the key is 
available, which does not make the key or the signature available to a third party 
monitoring transmission of the packaged key. 

20 

As the signature is typically based upon a biometric type analysis of the 
security token, the signature used in the packaging step may be different to the 
signature used in the unpacking step. However, both signatures are based upon the 
same intrinsic characteristic of the same security token. 

25 

In some examples, each signature is created by exposing the security token to 
coherent radiation, collecting a set of data points that measure scatter of the coherent 
radiation from intrinsic structure of the security token and determining a signature of 
the security token from the set of data points. 

30 

Viewed from a second aspect, the present invention provides a method of 
transmitting encrypted data. The method can comprise encrypting data using an 

4 



encryption key, packaging a decryption key using a signature based upon an intrinsic 
property of a security token, transmitting the packaged key and encrypted data to a 
recipient location, unpacking the key using a signature based upon the intrinsic 
property of the security token, and decrypting the data using the unpacked key. Thus 
5 the data can be transmitted securely in an encrypted form in such a way that an 
authorised recipient thereof in possession of the security token can access the 
necessary decryption key and thus the data, whilst a third party intercepting the 
transmission cannot gain access to the key or the data. In some examples, the 
encryption and decryption keys are the same. In other examples, an asymmetric 
10 encryption/decryption key pair may be used. 

In some embodiments, a transaction such as an e-commerce transaction may 
be carried out. In such a transaction, the encrypted data may relate to financial 
information for value transfer as part of the transaction. The security token may be an 
1 5 access token associated with value transfer such as a bank, credit or loyalty card. 

In some embodiments, the data may be data sent from a database in response 
to an access request. The access request may have been based upon a signature 
obtained from a database access token. The database access token may be the same 
20 physical article as the security token, with different areas or resolutions of the article 
being used to create the different signatures. 

In some examples, one party may maintain a database of security token 
signatures, and different ones of the signatures to communicate with different persons 
25 or entities. 

Viewed from another aspect, the present invention provides a key distribution 
system. The system can comprise a key packaging unit operable to package a key 
using a signature based upon an intrinsic property of a security token, a channel 
30 operable to have the packaged key transmitted therethrough; and a key unpacking unit 
operable to unpack the key using a signature based upon the intrinsic property of the 
security token. Thereby the key can be transmitted via a non-secure channel to a 
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recipient for use thereby, without it being possible for a third party to obtain a copy of 
the key by monitoring the channel. 

Viewed from another aspect, the present invention can provide an encrypted 
5 data transmission system. The system can comprise an encryption unit operable to 
encrypt data using an encryption key, a packaging unit operable to package the key 
using a signature based upon an intrinsic property of a security token, a channel 
operable to have the packaged key and encrypted data transmitted therethrough, an 
unpacking unit operable to unpack the key using a signature based upon the intrinsic 
10 property of the security token, and a decryption unit operable to decrypt the data using 
the unpacked key. Thereby the data can be securely transmitted in a manner which 
enables the recipient to easily access the encrypted data. 

In some examples, one key may be transmitted for use in accessing more than 
15 one data packet. For example, a particular financial or data access transaction may be 
secured using a single key which can be transmitted at the beginning of the 
transaction for use therein. 

In some embodiments, it is ensured that different ones of the data gathered in 
20 relation to the intrinsic property of the article relate to scatter from different parts of 
the article by providing for movement of the coherent beam relative to the article. 
The movement may be provided by a motor that moves the beam over an article that 
is held fixed. The motor could be a servo motor, free running motor, stepper motor or 
any suitable motor type. Alternatively, the drive could be manual in a low cost 
25 reader. For example, the operator could scan the beam over the article by moving a 
carriage on which the article is mounted across a static beam. The coherent beam 
cross-section will usually be at least one order of magnitude (preferably at least two) 
smaller than the projection of the article so that a significant number of independent 
data points can be collected. A focusing arrangement may be provided for bringing 
30 the coherent beam into focus in the article. The focusing arrangement may be 
configured to bring the coherent beam to an elongate focus, in which case the drive is 
preferably configured to move the coherent beam over the article in a direction 
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transverse to the major axis of the elongate focus. An elongate focus can 
conveniently be provided with a cylindrical lens, or equivalent mirror arrangement. 

In other embodiments, it can be ensured that different ones of the data points 
5 relate to scatter from different parts of the article, in that the detector arrangement 
includes a plurality of detector channels arranged and configured to sense scatter from 
respective different parts of the article. This can be achieved with directional 
detectors, local collection of signal with optical fibres or other measures. With 
directional detectors or other localised collection of signal, the coherent beam does 
10 not need to be focused. Indeed, the coherent beam could be static and illuminate the 
whole sampling volume. Directional detectors could be implemented by focusing 
lenses fused to, or otherwise fixed in relation to, the detector elements. Optical fibres 
may be used in conjunction with microlenses. 

15 It is possible to make a workable reader when the detector arrangement 

consists of only a single detector channel. Other embodiments use a detector 
arrangement that comprises a group of detector elements angularly distributed and 
operable to collect a group of data points for each different part of the reading 
volume, preferably a small group of a few detector elements. Security enhancement 

20 is provided when the signature incorporates a contribution from a comparison 
between data points of the same group. This comparison may conveniently involve a 
cross-correlation. 

Although a working reader can be made with only one detector channel, there 
25 are preferably at least 2 channels. This allows cross-correlations between the detector 
signals to be made, which is useful for the signal processing associated with 
determining the signature. It is envisaged that between 2 and 10 detector channels 
will be suitable for most applications with 2 to 4 currently being considered as the 
optimum balance between apparatus simplicity and security. 

30 

The detector elements are advantageously arranged to lie in a plane 
intersecting the reading volume with each member of the pair being angularly 
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distributed in the plane in relation to the coherent beam axis, preferably with one or 
more detector elements either side of the beam axis. However, non-planar detector 
arrangements are also acceptable. 



5 The use of cross-correlations of the signals obtained from the different 

detectors has been found to give valuable data for increasing the security levels and 
also for allowing the signatures to be more reliably reproducible over time. The 
utility of the cross-correlations is somewhat surprising from a scientific point of view, 
since speckle patterns are inherently uncorrelated (with the exception of signals from 

10 opposed points in the pattern). In other words, for a speckle pattern there will by 
definition be zero cross-correlation between the signals from the different detectors so 
long as they are not arranged at equal magnitude angles offset from the excitation 
location in a common plane intersecting the excitation location. The value of using 
cross-correlation contributions therefore indicates that an important part of the scatter 

15 signal is not speckle. The non-speckle contribution could be viewed as being the 
result of direct scatter, or a diffuse scattering contribution, from a complex surface, 
such as paper fibre twists. At present the relative importance of the speckle and non- 
speckle scatter signal contribution is not clear. However, it is clear from the 
experiments performed to date that the detectors are not measuring a pure speckle 

20 pattern, but a composite signal with speckle and non-speckle components. 

Incorporating a cross-correlation component in the signature can also be of 
benefit for improving security. This is because, even if it is possible using high 
resolution printing to make an article that reproduces the contrast variations over the 
25 surface of the genuine article, this would not be able to match the cross-correlation 
coefficients obtained by scanning the genuine article. 

In the one embodiment, the detector channels are made up of discrete detector 
components in the form of simple phototransistors. Other simple discrete components 
30 could be used such as PIN diodes or photodiodes. Integrated detector components, 
such as a detector array could also be used, although this would add to the cost and 
complexity of the device. 



From initial experiments which modify the illumination angle of the laser 
beam on the article to be scanned, it also seems to be preferable in practice that the 
laser beam is incident approximately normal to the surface being scanned in order to 

5 obtain a characteristic that can be repeatedly measured from the same surface with 
little change, even when the article is degraded between measurements. At least some 
known readers use oblique incidence (see GB 2 221 870). Once appreciated, this 
effect seems obvious, but it is clearly not immediately apparent as evidenced by the 
design of some prior art speckle readers including that of GB 2 221 870 and indeed 

10 the first prototype reader built by the inventor. The inventor's first prototype reader 
with oblique incidence functioned reasonably well in laboratory conditions, but was 
quite sensitive to degradation of the paper used as the article. For example, rubbing 
the paper with fingers was sufficient to cause significant differences to appear upon 
re-measurement. The second prototype reader used normal incidence and has been 

15 found to be robust against degradation of paper by routine handling, and also more 
severe events such as: passing through various types of printer including a laser 
printer, passing through a photocopier machine, writing on, printing on, deliberate 
scorching in an oven, and crushing and reflattening. 

20 It can therefore be advantageous to mount the source so as to direct the 

coherent beam onto the reading volume so that it will strike an article with near 
normal incidence. By near normal incidence means ±5, 10 or 20 degrees. 
Alternatively, the beam can be directed to have oblique incidence on the articles. This 
will usually have a negative influence in the case that the beam is scanned over the 

25 article. 

It is also noted that in the readers described in the detailed description, the 
detector arrangement is arranged in reflection to detect radiation back scattered from 
the reading volume. However, if the article is transparent, the detectors could be 
30 arranged in transmission. 
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A signature generator can be operable to access the database of previously 
recorded signatures and perform a comparison to establish whether the database 
contains a match to the signature of an article that has been placed in the reading 
volume. The database may be part of a mass storage device that forms part of the 
5 reader apparatus, or may be at a remote location and accessed by the reader through a 
telecommunications link. The telecommunications link may take any conventional 
form, including wireless and fixed links, and may be available over the internet. The 
data acquisition and processing module may be operable, at least in some operational 
modes, to allow the signature to be added to the database if no match is found. 

10 

When using a database, in addition to storing the signature it may also be 
useful to associate that signature in the database with other information about the 
article such as a scanned copy of the document, a photograph of a passport holder, 
details on the place and time of manufacture of the product, or details on the intended 
1 5 sales destination of vendable goods (e.g. to track grey importation). 

The invention allows identification of articles made of a variety of different 
kinds of materials, such as paper, cardboard and plastic. 

20 By intrinsic structure we mean structure that the article inherently will have by 

virtue of its manufacture, thereby distinguishing over structure specifically provided 
for security purposes, such as structure given by tokens or artificial fibres 
incorporated in the article. 

25 By paper or cardboard we mean any article made from wood pulp or 

equivalent fibre process. The paper or cardboard may be treated with coatings or 
impregnations or covered with transparent material, such as cellophane. If long-term 
stability of the surface is a particular concern, the paper may be treated with an acrylic 
spray-on transparent coating, for example. 

30 

Data points can thus be collected as a function of position of illumination by 
the coherent beam. This can be achieved either by scanning a localised coherent 

10 



beam over the article, or by using directional detectors to collect scattered light from 
different parts of the article, or by a combination of both. 

The signature is envisaged to be a digital signature in most applications. 
5 Typical sizes of the digital signature with current technology would be in the range 
200 bits to 8k bits, where currently it is preferable to have a digital signature size of 
about 2k bits for high security. 

A further implementation of the invention can be performed without storing 
10 the digital signatures in a database, but rather by labelling the entitlement token with a 
label derived from the signature, wherein the label conforms to a machine-readable 
encoding protocol. 
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BRIEF DESCRIPTION OF THE FIGURES 

Specific embodiments of the present invention will now be described by way 
of example only with reference to the accompanying figures in which: 

5 

Figure 1 is a schematic side view of an example of a reader apparatus; 

Figure 2 is a schematic perspective view showing how the reading volume of 
the reader apparatus of Figure 1 is sampled; 

10 

Figure 3 is a block schematic diagram of the functional components of the 
reader apparatus of Figure 1 ; 

Figure 4 is a perspective view of the reader apparatus of Figure 1 showing its 
1 5 external form; 

Figure 5 is a perspective view showing another example of an external form 
for the reader of Figure 1 ; 

20 Figure 6A is schematic cross-sectional view through an alternative reader 

configuration; 

Figure 6B is a perspective view of another alternative reader configuration; 

25 Figure 6C is a perspective view of another alternative reader configuration; 

Figure 7A shows schematically in side view an alternative imaging 
arrangement for a reader based on directional light collection and blanket 
illumination; 

30 
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Figure 7B shows schematically in plan view the optical footprint of a further 
alternative imaging arrangement for a reader in which directional detectors are used in 
combination with localised illumination with an elongate beam; 

5 Figure 8A is a microscope image of a paper surface with the image covering 

an area of approximately 0.5 x 0.2 mm; 

Figure 8B is a microscope image of a plastic surface with the image covering 
an area of approximately 0.02 x 0.02 mm; 

10 

Figure 9A shows raw data from a single photodetector using the reader of 
Figure 1 which consists of a photodetector signal and an encoder signal; 

Figure 9B shows the photodetector data of Figure 9A after linearisation with 
1 5 the encoder signal and averaging the amplitude; 

Figure 9C shows the data of Figure 9B after digitisation according to the 
average level; 

20 Figure 1 0 is a flow diagram showing how a signature of an article is generated 

from a scan; 

Figure 1 1 is a flow diagram showing how a signature of an article obtained 
from a scan can be verified against a signature database; 

25 

Figure 12 is a flow diagram showing how the verification process of Figure 1 1 
can be altered to account for non-idealities in a scan; 

Figure 13A shows an example of cross-correlation data gathered from a scan; 

30 

Figure 13b shows an example of cross-correlation data gathered from a scan 
where the scanned article is distorted; 
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Figure 13C shows an example of cross-correlation data gathered from a scan 
where the scanned article is scanned at non-linear speed; 

5 Figure 14 shows a schematic representation of an article for verification; 

Figure 15 is a schematic cut-away perspective view of a multi-scan head 
scanner; 

10 Figure 16 is a schematic cut-away perspective view of a multi-scan head 

position scanner; 

Figure 17 shows schematically a system for packaging an encryption key; and 

15 Figure 18 shows schematically a system for unpacking of a packaged 

encryption key. 

While the invention is susceptible to various modifications and alternative forms, 
specific embodiments are shown by way of example in the drawings and are herein 
20 described in detail. It should be understood, however, that drawings and detailed 
description thereto are not intended to limit the invention to the particular form 
disclosed, but on the contrary, the invention is to cover all modifications, equivalents 
and alternatives falling within the spirit and scope of the present invention as defined 
by the appended claims. 
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DESCRIPTION OF PARTICULAR EMBODIMENTS 



For providing security and authorisation services in environments such as an 
e-commerce environment, a system for uniquely identifying a physical item can be 
5 used to reduce possibilities for fraud, and to enhance both actual and perceived 
reliability of the e-commerce system, for both provider and end-users. 

Examples of systems suitable for performing such item identification will now 
be described with reference to Figures 1 to 1 1 . 

10 

Figure 1 shows a schematic side view of a first example of a reader apparatus 
1. The optical reader apparatus 1 is for measuring a signature from an article (not 
shown) arranged in a reading volume of the apparatus. The reading volume is formed 
by a reading aperture 10 which is a slit in a housing 12. The housing 12 contains the 

15 main optical components of the apparatus. The slit has its major extent in the x 
direction (see inset axes in the drawing). The principal optical components are a laser 
source 14 for generating a coherent laser beam 15 and a detector arrangement 16 
made up of a plurality of k photodetector elements, where k = 4 in this example, 
labelled 16a, 16b, 16c and 16d. The laser beam 15 is focused by a cylindrical lens 18 

20 into an elongate focus extending in the y direction (perpendicular to the plane of the 
drawing) and lying in the plane of the reading aperture. In one example reader, the 
elongate focus has a major axis dimension of about 2 mm and a minor axis dimension 
of about 40 micrometres. These optical components are contained in a subassembly 
20. In the present example, the four detector elements 16a...d are distributed either 

25 side of the beam axis offset at different angles in an interdigitated arrangement from 
the beam axis to collect light scattered in reflection from an article present in the 
reading volume. In the present example, the offset angles are -70, -20, +30 and +50 
degrees. The angles either side of the beam axis are chosen so as not to be equal so 
that the data points they collect are as independent as possible. All four detector 

30 elements are arranged in a common plane. The photodetector elements 16a..d detect 
light scattered from an article placed on the housing when the coherent beam scatters 
from the reading volume. As illustrated, the source is mounted to direct the laser 

15 



beam 1 5 with its beam axis in the z direction, so that it will strike an article in the 
reading aperture at normal incidence. 

Generally it is desirable that the depth of focus is large, so that any differences 
5 in the article positioning in the z direction do not result in significant changes in the 
size of the beam in the plane of the reading aperture. In the present example, the 
depth of focus is approximately 0.5 mm which is sufficiently large to produce good 
results where the position of the article relative to the scanner can be controlled to 
some extent. The parameters, of depth of focus, numerical aperture and working 
10 distance are interdependent, resulting in a well known trade off between spot size and 
depth of focus. 

A drive motor 22 is arranged in the housing 12 for providing linear motion of 
the optics subassembly 20 via suitable bearings 24 or other means, as indicated by the 

1 5 arrows 26. The drive motor 22 thus serves to move the coherent beam linearly in the 
x direction over the reading aperture 10 so that the beam 15 is scanned in a direction 
transverse to the major axis of the elongate focus. Since the coherent beam 15 is 
dimensioned at its focus to have a cross-section in the xz plane (plane of the drawing) 
that is much smaller than a projection of the reading volume in a plane normal to the 

20 coherent beam, i.e. in the plane of the housing wall in which the reading aperture is 
set, a scan of the drive motor 22 will cause the coherent beam 1 5 to sample many 
different parts of the reading volume under action of the drive motor 22. 

Figure 2 is included to illustrate this sampling and is a schematic perspective 
25 view showing how the reading area is sampled n times by scanning an elongate beam 
across it. The sampling positions of the focused laser beam as it is scanned along the 
reading aperture under action of the drive is represented by the adjacent rectangles 
numbered 1 to n which sample an area of length T and width W. Data collection is 
made so as to collect signal at each of the n positions as the drive is scanned along the 
30 slit. Consequently, a sequence of k x n data points are collected that relate to scatter 
from the n different illustrated parts of the reading volume. 
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Also illustrated schematically are optional distance marks 28 formed on the 
underside of the housing 12 adjacent the slit 10 along the x direction, i.e. the scan 
direction. An example spacing between the marks in the x-direction is 300 
micrometres. These marks are sampled by a tail of the elongate focus and provide for 
5 linearisation of the data in the x direction in situations where such linearisation is 
required, as is described in more detail further below. The measurement is performed 
by an additional phototransistor 19 which is a directional detector arranged to collect 
light from the area of the marks 28 adjacent the slit. 

10 In alternative examples, the marks 28 can be read by a dedicated encoder 

emitter/detector module 19 that is part of the optics subassembly 20. Encoder 
emitter/detector modules are used in bar code readers. In one example, an Agilent 
HEDS-1500 module that is based on a focused light emitting diode (LED) and 
photodetector can be used. The module signal is fed into the PIC ADC as an extra 

1 5 detector channel (see discussion of Figure 3 below). 

With an example minor dimension of the focus of 40 micrometers, and a scan 
length in the x direction of 2 cm, n=500, giving 2000 data points with k = 4. A 
typical range of values for k x n depending on desired security level, article type, 

20 number of detector channels 'k' and other factors is expected to be 100 < k x n < 
10,000. It has also been found that increasing the number of detectors k also 
improves the insensitivity of the measurements to surface degradation of the article 
through handling, printing etc. In practice, with the prototypes used to date, a rule of 
thumb is that the total number of independent data points, i.e. k x n, should be 500 or 

25 more to give an acceptably high security level with a wide variety of surfaces. Other 
minima (either higher or lower) may apply where a scanner is intended for use with 
only one specific surface type or group of surface types. 

Figure 3 is a block schematic diagram of functional components of the reader 
30 apparatus. The motor 22 is connected to a programmable interrupt controller (PIC) 30 
through an electrical link 23. The detectors 16a.. .d of the detector module 16 are 
connected through respective electrical connection lines 17a...d to an analogue-to- 
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digital converter (ADC) that is part of the PIC 30. A similar electrical connection line 
21 connects the marker reading detector 19 to the PIC 30. It will be understood that 
optical or wireless links may be used instead of, or in combination with, electrical 
links. The PIC 30 is interfaced with a personal computer (PC) 34 through a data 
5 connection 32. The PC 34 may be a desktop or a laptop. As an alternative to a PC, 
other intelligent devices may be used, for example a personal digital assistant (PDA) 
or a dedicated electronics unit. The PIC 30 and PC 34 collectively form a data 
acquisition and processing module 36 for determining a signature of the article from 
the set of data points collected by the detectors 16a...d. 

10 

In some examples, the PC 34 can have access through an interface connection 
38 to a database (dB) 40. The database 40 may be resident on the PC 34 in memory, 
or stored on a drive thereof. Alternatively, the database 40 may be remote from the 
PC 34 and accessed by wireless communication, for example using mobile telephony 

15 services or a wireless local area network (LAN) in combination with the internet. 
Moreover, the database 40 may be stored locally on the PC 34, but periodically 
downloaded from a remote source. The database may be administered by a remote 
entity, which entity may provide access to only a part of the total database to the 
particular PC 34, and/or may limit access the database on the basis of a security 

20 policy. 

The database 40 can contain a library of previously recorded signatures. The 
PC 34 can be programmed so that in use it can access the database 40 and performs a 
comparison to establish whether the database 40 contains a match to the signature of 
25 the article that has been placed in the reading volume. The PC 34 can also be 
programmed to allow a signature to be added to the database if no match is found. 

The way in which data flow between the PC and database is handled can be 
dependent upon the location of the PC and the relationship between the operator of 
30 the PC and the operator of the database. For example, if the PC and reader are being 
used to confirm the authenticity of an article, then the PC will not need to be able to 
add new articles to the database, and may in fact not directly access the database, but 
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instead provide the signature to the database for comparison. In this arrangement the 
database may provide an authenticity result to the PC to indicate whether the article is 
authentic. On the other hand, if the PC and reader are being used to record or validate 
an item within the database, then the signature can be provided to the database for 
5 storage therein, and no comparison may be needed. In this situation a comparison 
could be performed however, to avoid a single item being entered into the database 
twice. 

Figure 4 is a perspective view of the reader apparatus 1 showing its external 
10 form. The housing 12 and slit-shaped reading aperture 10 are evident. A physical 
location aid 42 is also apparent and is provided for positioning an article of a given 
form in a fixed position in relation to the reading aperture 10. In the present example, 
the physical location aid 42 is in the form of a right-angle bracket in which the corner 
of a document or packaging box can be located. This ensures that the same part of the 
15 article can be positioned in the reading aperture 10 whenever the article needs to be 
scanned. A simple angle bracket or equivalent, is sufficient for articles with a well- 
defined corner, such as sheets of paper, passports, ID cards and packaging boxes. 
Other shaped position guides could be provided to accept items of different shapes, 
such as circular items including CDs and DVDs, or items with curved surfaces such 
20 as cylindrical packaging containers. Where only one size and shape of item is to be 
scanned a slot may be provided for receiving the item. 

Thus there has now been described an example of a scanning and signature 
generation apparatus suitable for use in a security mechanism for remote verification 
25 of article authenticity. Such a system can be deployed to allow an article to be 
scanned in more than one location, and for a check to be performed to ensure that the 
article is the same article in both instances, and optionally for a check to performed to 
ensure that the article has not been tampered with between initial and subsequent 
scannings. 

30 

Figure 5 shows an example of an alternative physical configuration for a 
reader where a document feeder is provided to ensure that article placement is 
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consistent. In this example, a housing 60 is provided, having an article feed tray 61 
attached thereto. The tray 61 can hold one or more articles 62 for scanning by the 
reader. A motor can drive feed rollers 64 to carry an article 62 through the device and 
across a scanning aperture of an optics subassembly 20 as described above. Thus the 
5 article 62 can be scanned by the optics subassembly 20 in the manner discussed above 
in a manner whereby the relative motion between optics subassembly and article is 
created by movement of the article. Using such a system, the motion of the scanned 
item can be controlled using the motor with sufficient linearity that the use of distance 
marks and linearisation processing may be unnecessary. The apparatus could follow 
10 any conventional format for document scanners, photocopiers or document 
management systems. Such a scanner may be configured to handle line-feed sheets 
(where multiple sheets are connected together by, for example, a perforated join) as 
well as or instead of handing single sheets. 

1 5 Thus there has now been described an apparatus suitable for scanning articles 

in an automated feeder type device. Depending upon the physical arrangement of the 
feed arrangement, the scanner may be able to scan one or more single sheets of 
material, joined sheets or material or three-dimensional items such as packaging 
cartons. 

20 

Figures 6 show examples of further alternative physical configurations for a 
reader. In this example, the article is moved through the reader by a user. As shown 
in Figure 6A, a reader housing 70 can be provided with a slot 71 therein for insertion 
of an article for scanning. An optics subassembly 20 can be provided with a scanning 
25 aperture directed into the slot 71 so as to be able to scan an article 62 passed through 
the slot. Additionally, guide elements 72 may be provided in the slot 71 to assist in 
guiding the article to the correct focal distance from the optics sub-assembly 20 
and/or to provide for a constant speed passage of the article through the slot. 

30 As shown in Figure 6B, the reader may be configured to scan the article when 

moved along a longitudinal slot through the housing 70, as indicated by the arrow. 
Alternatively, as shown in Figure 6C, the reader may be configured to scan the article 
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when inserted into or removed from a slot extending into the reader housing 70, as 
indicated by the arrow. Scanners of this type may be particularly suited to scanning 
articles which are at least partially rigid, such as card, plastic or metal sheets. Such 
sheets may, for example, be plastic items such as credit cards or other bank cards. 

5 

Thus there have now been described an arrangement for manually initiated 
scanning of an article. This could be used for scanning bank cards and/or credit cards. 
Thereby a card could be scanned at a terminal where that card is presented for use, 
and a signature taken from the card could be compared to a stored signature for the 

10 card to check the authenticity and un-tampered nature of the card. Such a device 
could also be used, for example in the context of reading a military-style metal ID-tag 
(which tags are often also carried by allergy sufferers to alert others to their allergy). 
This could enable medical personnel treating a patient to ensure that the patient being 
treated was in fact the correct bearer of the tag. Likewise, in a casualty situation, a 

15 recovered tag could be scanned for authenticity to ensure that a casualty has been 
correctly identified before informing family and/or colleagues. 

The above-described examples are based on localised excitation with a 
coherent light beam of small cross-section in combination with detectors that accept 
20 light signal scattered over a much larger area that includes the local area of excitation. 
It is possible to design a functionally equivalent optical system which is instead based 
on directional detectors that collect light only from localised areas in combination 
with excitation of a much larger area. 

25 Figure 7A shows schematically in side view such an imaging arrangement for 

a reader which is based on directional light collection and blanket illumination with a 
coherent beam. An array detector 48 is arranged in combination with a cylindrical 
microlens array 46 so that adjacent strips of the detector array 48 only collect light 
from corresponding adjacent strips in the reading volume. With reference to Figure 2, 

30 each cylindrical microlens is arranged to collect light signal from one of the n 
sampling strips. The coherent illumination can then take place with blanket 
illumination of the whole reading volume (not shown in the illustration). 
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A hybrid system with a combination of localised excitation and localised 
detection may also be useful in some cases. 

5 Figure 7B shows schematically in plan view the optical footprint of such a 

hybrid imaging arrangement for a reader in which directional detectors are used in 
combination with localised illumination with an elongate beam. This example may be 
considered to be a development of the example of Figure 1 in which directional 
detectors are provided. In this example three banks of directional detectors are 

10 provided, each bank being targeted to collect light from different portions along the '1 
x w' excitation strip. The collection area from the plane of the reading volume are 
shown with the dotted circles, so that a first bank of, for example 2, detectors collects 
light signal from the upper portion of the excitation strip, a second bank of detectors 
collects light signal from a middle portion of the excitation strip and a third bank of 

15 detectors collects light from a lower portion of the excitation strip. Each bank of 
detectors is shown having a circular collection area of diameter approximately 1/m, 
where m is the number of subdivisions of the excitation strip, where m = 3 in the 
present example. In this way the number of independent data points can be increased 
by a factor of m for a given scan length 1. As described further below, one or more of 

20 different banks of directional detectors can be used for a purpose other than collecting 
light signal that samples a speckle pattern. For example, one of the banks may be 
used to collect light signal in a way optimised for barcode scanning. If this is the 
case, it will generally be sufficient for that bank to contain only one detector, since 
there will be no advantage obtaining cross-correlations when only scanning for 

25 contrast. 

Having now described the principal structural components and functional 
components of various reader apparatuses, the numerical processing used to 
determine a signature will now be described. It will be understood that this numerical 
30 processing can be implemented for the most part in a computer program that runs on 
the PC 34 with some elements subordinated to the PIC 30. In alternative examples, 
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the numerical processing could be performed by a dedicated numerical processing 
device or devices in hardware or firmware. 

Figure 8A is a microscope image of a paper surface with the image covering 
5 an area of approximately 0.5 x 0.2 mm. This figure is included to illustrate that 
macroscopically flat surfaces, such as from paper, are in many cases highly structured 
at a microscopic scale. For paper, the surface is microscopically highly structured as 
a result of the intermeshed network of wood or other fibres that make up the paper. 
The figure is also illustrative of the characteristic length scale for the wood fibres 

1 0 which is around 10 microns. This dimension has the correct relationship to the optical 
wavelength of the coherent beam of the present example to cause diffraction and 
hence speckle, and also diffuse scattering which has a profile that depends upon the 
fibre orientation. It will thus be appreciated that if a reader is to be designed for a 
specific class of goods, the wavelength of the laser can be tailored to the structure 

15 feature size of the class of goods to be scanned. It is also evident from the figure that 
the local surface structure of each piece of paper will be unique in that it depends on 
how the individual wood fibres are arranged. A piece of paper is thus no different 
from a specially created token, such as the special resin tokens or magnetic material 
deposits of the prior art, in that it has structure which is unique as a result of it being 

20 made by a process governed by laws of nature. The same applies to many other types 
of article. 

Figure 8B shows an equivalent image for a plastic surface. This atomic force 
microscopy image clearly shows the uneven surface of the macroscopically smooth 
25 plastic surface. As can be surmised from the figure, this surface is smoother than the 
paper surface illustrated in Figure 8A, but even this level of surface undulation can be 
uniquely identified using the signature generation scheme of the present example. 

In other words, it can be essentially pointless to go to the effort and expense of 
30 making specially prepared tokens, when unique characteristics are measurable in a 
straightforward manner from a wide variety of every day articles. The data collection 
and numerical processing of a scatter signal that takes advantage of the natural 

23 



structure of an article's surface (or interior in the case of transmission) is now 
described. 

Figure 9A shows raw data from a single one of the photodetectors 16a.. .d of 
5 the reader of Figure 1. The graph plots signal intensity I in arbitrary units (a.u.) 
against point number n (see Figure 2). The higher trace fluctuating between 1 = 0- 
250 is the raw signal data from photodetector 16a. The lower trace is the encoder 
signal picked up from the markers 28 (see Figure 2) which is at around I = 50. 

10 Figure 9B shows the photodetector data of Figure 10A after linearisation with 

the encoder signal (n.b. although the x axis is on a different scale from Figure 10A, 
this is of no significance). As noted above, where a movement of the article relative 
to the scanner is sufficiently linear, there may be no need to make use of a 
linearisation relative to alignment marks. In addition, the average of the intensity has 

1 5 been computed and subtracted from the intensity values. The processed data values 
thus fluctuate above and below zero. 

Figure 9C shows the data of Figure 9B after digitisation. The digitisation 
scheme adopted is a simple binary one in which any positive intensity values are set at 
20 value 1 and any negative intensity values are set at zero. It will be appreciated that 
multi-state digitisation could be used instead, or any one of many other possible 
digitisation approaches. The main important feature of the digitisation is merely that 
the same digitisation scheme is applied consistently. 

25 Figure 1 0 is a flow diagram showing how a signature of an article is generated 

from a scan. 

Step SI is a data acquisition step during which the optical intensity at each of 
the photodetectors is acquired approximately every 1ms during the entire length of 
30 scan. Simultaneously, the encoder signal is acquired as a function of time. It is noted 
that if the scan motor has a high degree of linearisation accuracy (e.g. as would a 
stepper motor) then linearisation of the data may not be required. The data is acquired 
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by the PIC 30 taking data from the ADC 31. The data points are transferred in real 
time from the PIC 30 to the PC 34. Alternatively, the data points could be stored in 
memory in the PIC 30 and then passed to the PC 34 at the end of a scan. The number 
n of data points per detector channel collected in each scan is defined as N in the 
5 following. Further, the value a k (i) is defined as the i-th stored intensity value from 
photodetector k, where i runs from 1 to N. Examples of two raw data sets obtained 
from such a scan are illustrated in Figure 9A. 

Step S2 uses numerical interpolation to locally expand and contract «k(i) so 
10 that the encoder transitions are evenly spaced in time. This corrects for local 
variations in the motor speed. This step can be performed in the PC 34 by a computer 
program. 

Step S3 is an optional step. If performed, this step numerically differentiates 
1 5 the data with respect to time. It may also be desirable to apply a weak smoothing 
function to the data. Differentiation may be useful for highly structured surfaces, as it 
serves to attenuate uncorrected contributions from the signal relative to correlated 
(speckle) contributions. 

20 Step S4 is a step in which, for each photodetector, the mean of the recorded 

signal is taken over the N data points. For each photodetector, this mean value is 
subtracted from all of the data points so that the data are distributed about zero 
intensity. Reference is made to Figure 9B which shows an example of a scan data set 
after linearisation and subtraction of a computed average. 

25 

Step S5 digitises the analogue photodetector data to compute a digital 
signature representative of the scan. The digital signature is obtained by applying the 
rule: ak(i) >0 maps onto binary T and a^i) <=0 maps onto binary '0'. The digitised 
data set is defined as dk(i) where / runs from 1 to N. The signature of the article may 
30 incorporate further components in addition to the digitised signature of the intensity 
data just described. These further optional signature components are now described. 
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Step S6 is an optional step in which a smaller 'thumbnail' digital signature is 
created. This is done either by averaging together adjacent groups of m readings, or 
more preferably by picking every cth data point, where c is the compression factor of 
the thumbnail. The latter is preferred since averaging may disproportionately amplify 
5 noise. The same digitisation rule used in Step S5 is then applied to the reduced data 
set. The thumbnail digitisation is defined as t k (i) where i runs 1 to N/c and c is the 
compression factor. 



10 The additional component is a cross-correlation component calculated between the 
intensity data obtained from different ones of the photodetectors. With 2 channels 
there is one possible cross-correlation coefficient, with 3 channels up to 3, and with 4 
channels up to 6 etc. The cross-correlation coefficients are useful, since it has been 
found that they are good indicators of material type. For example, for a particular 

15 type of document, such as a passport of a given type, or laser printer paper, the cross- 
correlation coefficients always appear to lie in predictable ranges. A normalised 
cross-correlation can be calculated between a k (i) and ai(i), where k*l and k,l vary 
across all of the photodetector channel numbers. The normalised cross-correlation 
function F is defined as 



Another aspect of the cross-correlation function that can be stored for use in 
later verification is the width of the peak in the cross-correlation function, for example 
the full width half maximum (F WHM). The use of the cross-correlation coefficients 
25 in verification processing is described further below. 

Step S8 is another optional step which is to compute a simple intensity 
average value indicative of the signal intensity distribution. This may be an overall 
average of each of the mean values for the different detectors or an average for each 



Step S7 is an optional step applicable when multiple detector channels exist. 
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detector, such as a root mean square (rms) value of ak(i). If the detectors are arranged 
in pairs either side of normal incidence as in the reader described above, an average 
for each pair of detectors may be used. The intensity value has been found to be a 
good crude filter for material type, since it is a simple indication of overall reflectivity 
5 and roughness of the sample. For example, one can use as the intensity value the 
unnormalised rms value after removal of the average value, i.e. the DC background. 

The signature data obtained from scanning an article can be compared against 
records held in a signature database for verification purposes and/or written to the 
1 0 database to add a new record of the signature to extend the existing database. 

A new database record will include the digital signature obtained in Step S5. 
This can optionally be supplemented by one or more of its smaller thumbnail version 
obtained in Step S6 for each photodetector channel, the cross-correlation coefficients 
15 obtained in Step S7 and the average value(s) obtained in Step S8. Alternatively, the 
thumbnails may be stored on a separate database of their own optimised for rapid 
searching, and the rest of the data (including the thumbnails) on a main database. 

Figure 1 1 is a flow diagram showing how a signature of an article obtained 
20 from a scan can be verified against a signature database. 

In a simple implementation, the database could simply be searched to find a 
match based on the full set of signature data. However, to speed up the verification 
process, the process can use the smaller thumbnails and pre-screening based on the 
25 computed average values and cross-correlation coefficients as now described. 

Verification Step VI is the first step of the verification process, which is to 
scan an article according to the process described above, i.e. to perform Scan Steps SI 
toS8. 

30 

Verification Step V2 takes each of the thumbnail entries and evaluates the 
number of matching bits between it and t k (i+f) , where ; is a bit offset which is varied 

27 



to compensate for errors in placement of the scanned area. The value of j is 
determined and then the thumbnail entry which gives the maximum number of 
matching bits. This is the 'hit' used for further processing. 



5 



Verification Step V3 is an optional pre-screening test that is performed before 



analysing the full digital signature stored for the record against the scanned digital 
signature. In this pre-screen, the rms values obtained in Scan Step S8 are compared 
against the corresponding stored values in the database record of the hit. The 'hit' is 
rejected from further processing if the respective average values do not agree within a 
10 predefined range. The article is then rejected as non-verified (i.e. jump to Verification 
Step V6 and issue fail result). 

Verification Step V4 is a further optional pre-screening test that is performed 
before analysing the full digital signature. In this pre-screen, the cross-correlation 
1 5 coefficients obtained in Scan Step S7 are compared against the corresponding stored 
values in the database record of the hit. The 'hit' is rejected from further processing if 
the respective cross-correlation coefficients do not agree within a predefined range. 
The article is then rejected as non-verified (i.e. jump to Verification Step V6 and issue 
fail result). 



Another check using the cross-correlation coefficients that could be performed 
in Verification Step V4 is to check the width of the peak in the cross-correlation 
function, where the cross-corrleation function is evaluated by comparing the value 
stored from the original scan in Scan Step S7 above and the re-scanned value: 



If the width of the re-scanned peak is significantly higher than the width of the 
original scan, this may be taken as an indicator that the re-scanned article has been 
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tampered with or is otherwise suspicious. For example, this check should beat a 
fraudster who attempts to fool the system by printing a bar code or other pattern with 
the same intensity variations that are expected by the photodetectors from the surface 
being scanned. 

5 

Verification Step V5 is the main comparison between the scanned digital 
signature obtained in Scan Step S5 and the corresponding stored values in the 
database record of the hit. The full stored digitised signature, d k db (i) is split into n 
blocks of q adjacent bits on k detector channels, i.e. there are qk bits per block. A 

10 typical value for q is 4 and a typical value for k is 4, making typically 16 bits per 
block. The qk bits are then matched against the qk corresponding bits in the stored 
digital signature dk M (i+j). If the number of matching bits within the block is greater 
or equal to some pre-defined threshold z, hresh , then the number of matching blocks is 
incremented. A typical value for z,hresh is 13. This is repeated for all n blocks. This 

15 whole process is repeated for different offset values of j, to compensate for errors in 
placement of the scanned area, until a maximum number of matching blocks is found. 
Defining M as the maximum number of matching blocks, the probability of an 
accidental match is calculated by evaluating: 

P (M)= ±s»(i- s y- w :c 

w=n-M 

20 

where s is the probability of an accidental match between any two blocks 
(which in turn depends upon the chosen value of z,h res hoid), M is the number of 
matching blocks and p(M) is the probability of M or more blocks matching 
accidentally. The value of s is determined by comparing blocks within the data base 

25 from scans of different objects of similar materials, e.g. a number of scans of paper 
documents etc. For the case of ^=4, k=4 and z t hreshoicT^, we typical value of 5 is 0.1 . 
If the qk bits were entirely independent, then probability theory would give .9=0.01 for 
ZthreshoiiT^- The fact that a higher value is found empirically is because of 
correlations between the k detector channels and also correlations between adjacent 

30 bits in the block due to a finite laser spot width. A typical scan of a piece of paper 
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yields around 314 matching blocks out of a total number of 510 blocks, when 
compared against the data base entry for that piece of paper. Setting M=3 14, n=5 1 0, 
s=0. 1 for the above equation gives a probability of an accidental match of 10" 177 . 

5 Verification Step V6 issues a result of the verification process. The 

probability result obtained in Verification Step V5 may be used in a pass/fail test in 
which the benchmark is a pre-defined probability threshold. In this case the 
probability threshold may be set at a level by the system, or may be a variable 
parameter set at a level chosen by the user. Alternatively, the probability result may 
1 0 be output to the user as a confidence level, either in raw form as the probability itself, 
or in a modified form using relative terms (e.g. no match / poor match / good match / 
excellent match) or other classification. 

It will be appreciated that many variations are possible. For example, instead 
1 5 of treating the cross-correlation coefficients as a pre-screen component, they could be 
treated together with the digitised intensity data as part of the main signature. For 
example the cross-correlation coefficients could be digitised and added to the 
digitised intensity data. The cross-correlation coefficients could also be digitised on 
their own and used to generate bit strings or the like which could then be searched in 
20 the same way as described above for the thumbnails of the digitised intensity data in 
order to find the hits. 

Thus there have now been described a number of examples arrangements for 
scanning an article to obtain a signature based upon intrinsic properties of that article. 
25 There have also been described examples of how that signature can be generated from 
the data collected during the scan, and how the signature can be compared to a later 
scan from the same or a different article to provide a measure of how likely it is that 
the same article has been scanned in the later scan. 

30 Such a system has many applications, amongst which are security and 

confidence screening of items for fraud prevention and item traceability. 
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In some examples, the method for extracting a signature from a scanned article 
can be optimised to provide reliable recognition of an article despite deformations to 
that article caused by, for example, stretching or shrinkage. Such stretching or 
shrinkage of an article may be caused by, for example, water damage to a paper or 
5 cardboard based article. 

Also, an article may appear to a scanner to be stretched or shrunk if the 
relative speed of the article to the sensors in the scanner is non-linear. This may occur 
if, for example the article is being moved along a conveyor system, or if the article is 
10 being moved through a scanner by a human holding the article. An example of a 
likely scenario for this to occur is where a human scans, for example, a bank card 
using a scanner such as that described with reference to Figures 6A, 6B and 6C above. 

As described above, where a scanner is based upon a scan head which moves 
1 5 within the scanner unit relative to an article held stationary against or in the scanner, 
then linearisation guidance can be provided by the optional distance marks 28 to 
address any non-linearities in the motion of the scan head. Where the article is moved 
by a human, these non-linearities can be greatly exaggerated 

20 To address recognition problems which could be caused by these non-linear 

effects, it is possible to adjust the analysis phase of a scan of an article. Thus a 
modified validation procedure will now be described with reference to Figure 12. The 
process implemented in this example uses a block-wise analysis of the data to address 
the non-linearities. 

25 

The process carried out in accordance with Figure 12, can include some or all 
of the steps of smoothing and differentiating the data, computing and subtracting the 
mean, and digitisation for obtaining the signature and thumbnail described with 
reference to Figure 10, but are not shown in Figure 12 so as not to obscure the content 
30 of that figure. 
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As shown in Figure 1, the scanning process for a validation scan using a 
block-wise analysis starts at step S21 by performing a scan of the article to acquire the 
date describing the intrinsic properties of the article. This scanned data is then 
divided into contiguous blocks (which can be performed before or after digitisation 
5 and any smoothing/differentiation or the like) at step S22. In one example, a scan 
length of 54mm is divided into eight equal length blocks. Each block therefore 
represents a subsection of scanned area of the scanned article. 

For each of the blocks, a cross-correlation is performed against the equivalent 
10 block for each stored signature with which it is intended that article be compared at 
step S23. This can be performed using a thumbnail approach with one thumbnail for 
each block. The results of these cross-correlation calculations are then analysed to 
identify the location of the cross-correlation peak. The location of the cross- 
correlation peak is then compared at step S24 to the expected location of the peak for 
15 the case were a perfectly linear relationship to exist between the original and later 
scans of the article. 

This relationship can be represented graphically as shown in Figures 13 A, 13B 
and 13C. In the example of Figure 13A, the cross-correlation peaks are exactly where 
20 expected, such that the motion of the scan head relative to the article has been 
perfectly linear and the article has not experienced stretch or shrinkage. Thus a plot 
of actual peak positions against expected peak results in a straight line which passes 
through the origin and has a gradient of 1 . 

25 In the example of Figure 1 3B, the cross-correlation peaks are closer together 

than expected, such that the gradient of a line of best fit is less than one. Thus the 
article has shrunk relative to its physical characteristics upon initial scanning. Also, 
the best fit line does not pass through the origin of the plot. Thus the article is shifted 
relative to the scan head compared to its position upon initial scanning. 

30 

In the example of Figure 13C, the cross correlation peaks do not form a 
straight line. In this example, they approximately fit to a curve representing a y 2 
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function. Thus the movement of the article relative to the scan head has slowed 
during the scan. Also, as the best fit curve does not cross the origin, it is clear that the 
article is shifted relative to its position upon initial scanning. 



5 A variety of functions can be test-fitted to the plot of points of the cross- 

correlation peaks to find a best-fitting function. Thus curves to account for stretch, 
shrinkage, misalignment, acceleration, deceleration, and combinations thereof can be 
used. 

10 Once a best-fitting function has been identified at step S25, a set of change 

parameters can be determined which represent how much each cross-correlation peak 
is shifted from its expected position at step S26. These compensation parameters can 
then, at step S27, be applied to the data from the scan taken at step S21 in order 
substantially to reverse the effects of the shrinkage, stretch, misalignment, 

15 acceleration or deceleration on the data from the scan. As will be appreciated, the 
better the best-fit function obtained at step S25 fits the scan data, the better the 
compensation effect will be. 

The compensated scan data is then broken into contiguous blocks at step S28 
20 as in step S22. The blocks are then individually cross-correlated with the respective 
blocks of data from the stored signature at step S29 to obtain the cross-correlation 
coefficients. This time the magnitude of the cross-correlation peaks are analysed to 
determine the uniqueness factor at step S29. Thus it can be determined whether the 
scanned article is the same as the article which was scanned when the stored signature 
25 was created. 

Accordingly, there has now been described an example of a method for 
compensating for physical deformations in a scanned article, and for non-linearities in 
the motion of the article relative to the scanner. Using this method, a scanned article 
30 can be checked against a stored signature for that article obtained from an earlier scan 
of the article to determine with a high level of certainty whether or not the same 
article is present at the later scan. Thereby an article constructed from easily distorted 
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material can be reliably recognised. Also, a scanner where the motion of the scanner 
relative to the article may be non-linear can be used, thereby allowing the use of a 
low-cost scanner without motion control elements. 



5 In some scanner apparatuses, it is also possible that it may be difficult to 

determine where a scanned region starts and finishes. Of the examples discussed 
above, this is most problematic for the example of Figure 6B, where an article to be 
scanned passes through a slot, such that the scan head may "see" more of an article 
than the intended scan area. One approach to addressing this difficulty would be to 
10 define the scan area as starting at the edge of the article. As the data received at the 
scan head will undergo a clear step change when an article is passed though what was 
previously free space, the data retrieved at the scan head can be used to determine 
where the scan starts. 

15 In this example, the scan head is operational prior to the application of the 

article to the scanner. Thus initially the scan head receives data corresponding to the 
unoccupied space in front of the scan head. As the article is passed in front of the 
scan head, the data received by the scan head immediately changes to be data 
describing the article. Thus the data can be monitored to determine where the article 

20 starts and all data prior to that can be discarded. The position and length of the scan 
area relative to the article leading edge can be determined in a number of ways. The 
simplest is to make the scan area the entire length of the article, such that the end can 
be detected by the scan head again picking up data corresponding to free space. 
Another method is to start and/or stop the recorded data a predetermined number of 

25 scan readings from the leading edge. Assuming that the article always moves past the 
scan head at approximately the same speed, this would result in a consistent scan area. 
Another alternative is to use actual marks on the article to start and stop the scan 
region, although this may require more work, in terms of data processing, to 
determine which captured data corresponds to the scan area and which data can be 

30 discarded. 
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Thus there has now been described an number of techniques for scanning an 
item to gather data based on an intrinsic property of the article, compensating if 
necessary for damage to the article or non-linearities in the scanning process, and 
comparing the article to a stored signature based upon a previous scan of an article to 
5 determine whether the same article is present for both scans. 

Another characteristic of an article which can be detected using a block-wise 
analysis of a signature generated based upon an intrinsic property of that article is that 
of localised damage to the article. For example, such a technique can be used to 
1 0 detect modifications to an article made after an initial record scan. 

For example, many documents, such as passports, ID cards and driving 
licenses, include photographs of the bearer. If an authenticity scan of such an article 
includes a portion of the photograph, then any alteration made to that photograph will 

15 be detected. Taking an arbitrary example of splitting a signature into 10 blocks, three 
of those blocks may cover a photograph on a document and the other seven cover 
another part of the document, such as a background material. If the photograph is 
replaced, then a subsequent rescan of the document can be expected to provide a good 
match for the seven blocks where no modification has occurred, but the replaced 

20 photograph will provide a very poor match. By knowing that those three blocks 
correspond to the photograph, the fact that all three provide a very poor match can be 
used to automatically fail the validation of the document, regardless of the average 
score over the whole signature. 

25 Also, many documents include written indications of one or more persons, for 

example the name of a person identified by a passport, driving licence or identity 
card, or the name of a bank account holder. Many documents also include a place 
where written signature of a bearer or certifier is applied. Using a block-wise analysis 
of a signature obtained therefrom for validation can detect a modification to alter a 

30 name or other important word or number printed or written onto a document. A block 
which corresponds to the position of an altered printing or writing can be expected to 
produce a much lower quality match than blocks where no modification has taken 
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place. Thus a modified name or written signature can be detected and the document 
failed in a validation test even if the overall match of the document is sufficiently high 
to obtain a pass result. 

5 An example of an identity card 300 is shown in Figure 300.. The identity card 

300 includes a printed bearer name 302, a photograph of the bearer 304, a signature of 
the bearer 306 (which may be written onto the card, or printed from a scan of a 
written signature or a signature captured electronically), and a printed card number 
308. In order to protect against fraudulent alteration to the identity card, a scan area 

1 0 for generating a signature based upon an intrinsic property of the card can include one 
or more of those elements. Various example scan areas are marked in Figure 1 5 to 
illustrate the possibilities. Example scan area 321 includes part of the printed name 
302 and part of the photograph 304. Example scan area 322 includes part of the 
printed name. Example scan area 323 includes part of the signature 306. Example 

1 5 scan area 324 includes part of the card number 308. 

The area and elements selected for the scan area can depend upon a number of 
factors, including the element of the document which it is most likely that a fraudster 
would attempt to alter. For example, for any document including a photograph the 

20 most likely alteration target will usually be the photograph as this visually identifies 
the bearer. Thus a scan area for such a document might beneficially be selected to 
include a portion of the photograph. Another element which may be subjected to 
fraudulent modification is the bearer's signature, as it is easy for a person to pretend 
to have a name other than their own, but harder to copy another person 's signature. 

25 Therefore for signed documents, particularly those not including a photograph, a scan 
area may beneficially include a portion of a signature on the document. 

In the general case therefore, it can be seen that a test for authenticity of an 
article can comprise a test for a sufficiently high quality match between a verification 
30 signature and a record signature for the whole of the signature, and a sufficiently high 
match over at least selected blocks of the signatures. Thus regions important to the 
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assessing the authenticity of an article can be selected as being critical to achieving a 
positive authenticity result. 

In some examples, blocks other than those selected as critical blocks may be 
5 allowed to present a poor match result. Thus a document may be accepted as 
authentic despite being torn or otherwise damaged in parts, so long as the critical 
blocks provide a good match and the signature as a whole provides a good match. 

Thus there have now been described a number of examples of a system, 
10 method and apparatus for identifying localised damage to an article, and for rejecting 
an inauthentic an article with localised damage or alteration in predetermined regions 
thereof. Damage or alteration in other regions may be ignored, thereby allowing the 
document to be recognised as authentic. 

15 When using a biometric technique such as the identity technique described 

with reference to Figures 1 to 14 above for the verification of the authenticity or 
identity of an article, difficulties can arise with the reproducibility of signatures based 
upon biometric characteristics. In particular, as well as the inherent tendency for a 
biometric signature generation system to return slightly different results in each 

20 signature generated from an article, where an article is subjected to a signature 
generation process at different signature generation apparatuses and at different times 
there is the possibility that a slightly different portion of the article is presented on 
each occasion, making reliable verification more difficult. 

25 Examples of systems, methods and apparatuses for addressing these 

difficulties will now be described. First, with reference to Figure 15, a multi-scan 
head signature generation apparatus for database creation will be described. 

As shown in Figure 15, a reader unit 100 can include two optic subassemblies 
30 20, each operable to create a signature for an article presented in a reading volume 
102 of the reader unit. Thus an item presented for scanning to create a signature for 
recording of the item in an item database against which the item can later be verified, 
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can be scanned twice, to create two signatures, spatially offset from one another by a 
likely alignment error amount. Thus a later scan of the item for identification or 
authenticity verification can be matched against both stored signatures. In some 
examples, a match against one of the two stored signatures can be considered as a 
5 successful match. 

In some examples, further read heads can be used, such that three, four or 
more signatures are created for each item. Each scan head can be offset from the 
others in order to provide signatures from positions adjacent the intended scan 
10 location. Thus greater robustness to article misalignment on verification scanning can 
be provided. 

The offset between scan heads can be selected dependent upon factors such as 
a width of scanned portion of the article, size of scanned are relative to the total article 
1 5 size, likely misalignment amount during verification scanning, and article material. 

Thus there has now been described a system for scanning an article to create a 
signature database against which an article can be checked to verify the identity 
and/or authenticity of the article. 

20 

An example of another system for providing multiple signatures in an article 
database will now be describe with reference to Figure 16. 

As shown in Figure 16, a reader unit 100' can have a single optic subassembly 
25 20 and an alignment adjustment unit 104. In use, the alignment adjustment unit 104 
can alter the alignment of the optics subassembly 20 relative to the reading volume 
102 of the reader unit. Thus an article placed in the reading volume can be scanned 
multiple times by the optics subassembly 20 in different positions so as to create 
multiple signatures for the article. In the present example, the alignment adjustment 
30 unit 104 can adjust the optics subassembly to read from two different locations. Thus 
a later scan of the item for identification or authenticity verification can be matched 



38 



against both stored signatures. In some examples, a match against one of the two 
stored signatures can be considered as a successful match. 



In some examples, further read head positions can be used, such that three, 
5 four or more signatures are created for each item. Each scan head position can be 
offset from the others in order to provide signatures from positions adjacent the 
intended scan location. Thus greater robustness to article misalignment on 
verification scanning can be provided. 

1 0 The offset between scan head positions can be selected dependent upon factors 

such as a width of scanned portion of the article, size of scanned are relative to the 
total article size, likely misalignment amount during verification scanning, and article 
material. 

1 5 Thus there has now been described another example of a system for scanning 

an article to create a signature database against which an article can be checked to 
verify the identity and/or authenticity of the article. 

Although it has been described above that a scanner used for record scanning 
20 (i.e. scanning of articles to create reference signatures against which the article can 
later be validated) can use multiple scan heads and/or scan head positions to create 
multiple signatures for an article, it is also possible to use a similar system for later 
validation scanning. 

25 For example, a scanner for use in a validation scan may have multiple read 

heads to enable multiple validation scan signatures to be generated. Each of these 
multiple signatures can be compared to a database of recorded signatures, which may 
itself contain multiple signatures for each recorded item. Due to the fact that, 
although the different signatures for each item may vary these signatures will all still 

30 be extremely different to any signatures for any other items, a match between any one 
record scan signature and any one validation scan signature should provide sufficient 
confidence in the identity and/or authenticity of an item. 
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A multiple read head validation scanner can be arranged much as described 
with reference to Figure 1 5 above. Likewise, a multiple read head position validation 
scanner can be arranged much as described with reference to Figure 16 above. Also, 
5 for both the record and validation scanners, a system of combined multiple scan heads 
and multiple scan head positions per scan head can be combined into a single device. 

As discussed above, key distribution for encryption is a field in which reliable 
and secure provision for the distribution is greatly desirable. In the following 
10 examples, there will be discussed systems, apparatus and methods for secure 
distribution of encryption key as well as examples for the secure distribution of data 
other than encryption keys, such other data may include identification information 
such as logon information, and database query information. 

1 5 With reference to Figure 17, an encryption key 200 can be packaged for secure 

transmission such that only the holder of a unique security token can retrieve the key. 
To achieve this, in the present example, error correction bits are added to the key at 
202. In some examples, additional random data may be added to the key before the 
error correction bits are added. Then, a signature 204 calculated from a scan of a 

20 security token, for example as discussed with reference to Figures 1 to 16 above, is 
exclusive-ORed 206 with the key plus error correction data 202. This exclusive OR 
operation is performed on a bitwise basis to create a packaged key 208. 

Thus the encryption key has been packaged in such a manner than an 
25 authorised recipient can retrieve it, but such that a third party intercepting the 
packaged key cannot obtain the key therefrom. 

With reference to Figure 18, a method for unpacking the key by an authorised 
recipient will now be described. The packaged key 208 is bitwise exclusive-ORed 
30 214 with a signature 212 calculated from a scan of the security token, for example as 
discussed with reference to Figures 1 to 16 above, to obtain the encryption key with 
the error correction bits 216. This recovered encryption key with error correction bits 
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may include errors relative to the original encryption key with error correction bits 
202 as the signatures used for packaging and unpacking may not be identical, even 
though they are made from the same security token using the same method. Thus the 
error correction bits are used to correct 2 1 8 any such errors which may have occurred 
5 in the key, so as to reproduce the encryption key 220 which is identical to the 
encryption key 100 originally packaged for transmission. 

The error correction coding strength and system used can be selected based 
upon an expected error rate in the security token signatures. 

10 

In examples where additional random data is added to the key, or where the 
key inherently contains redundant information, the operation of the error correction 
coding can be enhanced. 

1 5 The error correction coding and redundant information allow a biometric type 

signature, such as one generated as set out with reference to any of Figures 1 to 16 
above, to be used with a non-error tolerant system such as an encryption key. It is a 
fundamental behaviour of biometric based identification systems that the probability 
of the same item producing exactly the same biometric signature more than once, 

20 even when the same procedure is used on the same item, is extremely small. Thus the 
differences between two biometric signatures of the same item can be allowed for to 
create an error free system for securing an error intolerant system. 

In some examples, the packaged key may be transmitted alone such that the 
25 key is distributed as a stand-alone item. This could be used for distribution of a key 
from a public/private key pair in a manner which enables the recipient to be certain of 
the originator of the key. In other examples, the packaged key may be transmitted 
with data which has been encrypted using the key, such that the recipient of the data is 
provided with the decryption key for use in decrypting that data. Such systems allow 
30 the easy use of short usage life encryption keys, with each key being used for as little 
as one data packet before being discarded in favour of a new key. Such frequent 
changes in encryption keys provide no inconvenience to a data recipient in such cases 
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as the security token allows the new keys to be accessed and used without needing 
user input for tracking of new keys. 



In some examples, either the signature used for packaging or the signature 
5 used for unpacking may be a previously created signature stored by the packaging or 
unpacking entity. In some examples, an entity may maintain a large database of 
signatures, the database containing signatures relating to many different security 
tokens. Thus, for example, a financial services entity (such as a bank) may store 
signatures for security tokens of many customers, allowing the entity to enter into 
10 secure encrypted communications with its customers on an individual basis. 

In the system, method and apparatus of the present examples any item can be 
used as the security token, in particular, the token can be primarily two-dimensional 
and can be optically opaque or translucent. The use of such articles is set out in more 
15 detail with reference to Figures 1 to 16 above. 

The security token used for providing the secure access to the key can be any 
item from which it is possible to create the necessary signature. For example an item 
which is normally carried such as a bank, credit or loyalty card could be used as an 

20 access token, regardless of whether the information related to information about that 
bank or loyalty scheme. Alternatively, a completely non-obvious access token could 
be used. Examples could include a business card or other similar item. Use of such a 
non-obvious access token would reduce the chances of a person stealing or finding the 
access token from using it to gain access to the owner's data. Thereby the "steal me" 

25 problem commonly associated with obviously important items and documents (such 
as bank cards and packages marked "private and confidential") can be avoided. 

Thus encryption keys can be securely distributed to allow an intended 
recipient to extract the key for use, while any third party receiving the key cannot 
30 obtain the actual key. 
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In some examples a database access request may be made, using a database 
logon as necessary and a suitable query. The response from the database may be 
transmitted using a packaged key with appended encrypted data as described above. 
In one example, a signature based upon an intrinsic characteristic of a database access 
5 token may be used as the database logon and/or query. The submitted signature can 
be used as the logon and search query by associating each data record in the database 
with a signature, and making the signature a searchable field. In some examples, the 
signature may be on the only searchable field wit the possible exceptions of systems 
administrator access, regulatory inspection access and legal or criminal investigation 

10 access. In addition or alternatively, the signature submitted for search and/or logon 
purposes may in fact be used to package a database access key much as outlined 
above for packaging of an encryption key. The access key could then be recovered 
error free from the packaged key using a copy of the signature stored for an access 
mechanism for the database. The resulting database record could then be returned 

1 5 using the signature of the security token to package an encryption key for decrypting 
the returned data. 

In some examples, the database access token and the security token could be 
the same physical article. Different signatures could be generated from the article by 
20 scanning different areas of the article, and/or by scanning at different resolutions. 

Although the embodiments above have been described in considerable detail, 
numerous variations and modifications will become apparent to those skilled in the art 
once the above disclosure is fully appreciated. It is intended that the following claims 
25 be interpreted to embrace all such variations and modifications as well as their 
equivalents. 
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CLAIMS 



1 . A method for the distribution of a key, the method comprising: 

packaging a key using a signature based upon an intrinsic property of a 
5 security token; 

transmitting the packaged key to a recipient location; and 
unpacking the key using a signature based upon the intrinsic property of the 
security token. 

10 2. The method of claim 1, wherein said packaging comprises creating error 
correction code data for the key and packaging the key and the error correction code 
data using the signature. 

3. The method of claim 2, wherein the unpacking comprises unpacking the key 
1 5 and the error correction code data and using the error correction code data to undo any 

errors in the key. 

4. The method of claim 1, 2 or 3, wherein the packaging comprises performing a 
bitwise exclusive-OR operation between the key and the signature. 

20 

5. The method of claim 4, wherein the unpacking comprises performing a bitwise 
exclusive-OR operation between the packaged key and the signature. 

6. The method of any preceding claim, wherein the signature used in the 
25 packaging step is different to the signature used in the unpacking step. 

7. The method of claim 6, wherein both signatures are based upon the same 
intrinsic characteristic of the same security token. 

30 8. The method of any preceding claim, wherein the signature is created by: 
exposing the security token to coherent radiation; 
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collecting a set of data points that measure scatter of the coherent radiation 
from intrinsic structure of the security token; and 

determining a signature of the security token from the set of data points. 

5 9. The method of any preceding claim, wherein the key is an encryption key. 

10. The method of any preceding claim, wherein the key is a key of an 
asymmetric encryption key pair. 

10 11. The method of any preceding claim, wherein the security token is substantially 
two-dimensional. 

12. The method of any preceding claim, wherein the security token is optically 
non-transparent. 

15 

13. A method of transmitting encrypted data comprising: 
encrypting data using an encryption key; 

packaging a key using a signature based upon an intrinsic property of a 
security token; 

20 transmitting the packaged key and encrypted data to a recipient location; and 

unpacking the key using a signature based upon the intrinsic property of the 
security token; and 

decrypting the data using the unpacked key. 

25 14. The method of claim 13, wherein said packaging comprises creating error 
correction code data for the key and packaging the key and the error correction code 
data using the signature, and wherein said unpacking comprises unpacking the key 
and the error correction code data and using the error correction code data to undo any 
errors in the key. 

30 

15. The method of claim 13 or 14, wherein the packaging comprises performing a 
bitwise exclusive-OR operation between the key and the signature, and wherein the 
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unpacking comprises performing a bitwise exclusive-OR operation between the 
packaged key and the signature. 

16. The method of claim 13, 14 or 15, wherein the signature used in the packaging 
5 step is different to the signature used in the unpacking step, and wherein both 

signatures are based upon the same intrinsic characteristic of the same security token. 

17. The method of any of claims 1 3 to 1 6, wherein the signature is created by: 
exposing the security token to coherent radiation; 

10 collecting a set of data points that measure scatter of the coherent radiation 

from intrinsic structure of the security token; and 

determining a signature of the security token from the set of data points. 

18. The method of any of claims 13 to 1 7, wherein the data relates to a transaction 
15 between a party associated with the packaging of the key and a party associated with 

the unpacking of the key. 

19. The method of claim 18, wherein the transaction is conducted between the 
parties from physically separate locations. 

20 

20. The method of claim 18 or 19, wherein the data relates to a transfer of value 
between the parties. 

21. The method of claim 18, 19 or 20, wherein the security token is a physical 
25 article associated with one of the parties. 

22. The method of claim 21, wherein the signature used in the packaging step or 
the signature used in the unpacking step was previously created from the security 
token and is stored in a database of signatures. 

30 



46 



23. The method of any of claims 13 to 22, wherein the signature used in the 
packing step or the signature used in the unpacking step is created from the security 
token at the time of packaging or unpacking of the data. 

5 24. The method of any of claims 13 to 23, wherein the data is extracted from a 
database before encryption. 

25. The method of claim 24, wherein a signature based upon an intrinsic property 
of a database access token has previously been submitted as part of a search query to 

10 the database. 

26. The method of claim 25, wherein the database access token and the security 
token are the same physical entity. 

15 27. The method of any of claims 13 to 26, wherein the security token is 
substantially two-dimensional. 

28. The method of any of claims 13 to 27, wherein the security token is optically 
non-transparent. 

20 

29. A key distribution system comprising: 

a key packaging unit operable to package a key using a signature based upon 
an intrinsic property of a security token; 

a channel operable to have the packaged key transmitted therethrough; and 
25 a key unpacking unit operable to unpack the key using a signature based upon 

the intrinsic property of the security token. 

30. The system of claim 29, wherein said key packaging unit is operable to create 
error correction code data for the key and to package the key and the error correction 

30 code data using the signature. 
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3 1 . The system of claim 30, wherein the key unpacking unit is operable to unpack 
the key and the error correction code data and to use the error correction code data to 
undo any errors in the key. 



5 32. The system of claim 29, 30 or 3 1, wherein the key packaging unit is operable 
to cany out the packaging by performing a bitwise exclusive-OR operation between 
the key and the signature. 

33. The system of claim 32, wherein the key unpacking unit is operable to carry 
10 our the unpacking by performing a bitwise exclusive-OR operation between the 

packaged key and the signature. 

34. The system of any of claims 29 to 33, wherein the signature used in the 
packaging step is different to the signature used in the unpacking step. 

15 

35. The system of claim 34, wherein both signatures are based upon the same 
intrinsic characteristic of the same security token. 

36. The system of any of claims 29 to 35, wherein the signature is created by: 
20 exposing the security token to coherent radiation; 

collecting a set of data points that measure scatter of the coherent radiation 
from intrinsic structure of the security token; and 

determining a signature of the security token from the set of data points. 

25 37. The system of any of claims 29 to 36, wherein the key is an encryption key. 

38. The system of any of claims 29 to 37, wherein the key is a key of an 
asymmetric encryption key pair. 

30 39. The system of any of claims 29 to 38, wherein the security token is 
substantially two-dimensional. 
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40. The system of any of claims 29 to 39, wherein the security token is optically 
non-transparent. 

41. An encrypted data transmission system comprising: 

5 an encryption unit operable to encrypt data using an encryption key; 

a packaging unit operable to package the key using a signature based upon an 
intrinsic property of a security token; 

a channel operable to have the packaged key and encrypted data transmitted 
therethrough; 

1 0 an unpacking unit operable to unpack the key using a signature based upon the 

intrinsic property of the security token; and 

a decryption unit operable to decrypt the data using the unpacked key. 

42. The system of any claims 41, wherein the security token is substantially two- 
1 5 dimensional. 

43. The system of claim 41 or 42, wherein the security token is optically non- 
transparent. 

20 44. A system substantially as hereinbefore described, with reference to Figures 16 
or 17. 

45. Apparatus substantially as hereinbefore described. 
25 46. A method substantially as hereinbefore described. 
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